Open optiz0r opened 2 years ago
The three failing test suites don't look to be failing in relation to my changes.
~This actually isn't working quite as expected, it causes failures on the first run, and then converges on the second run.~ Solved by latest force push.
Pull Request (PR) description
The current code for authenticating to quorum members runs the auth command on every puppet run. This both updates the credentials on disk, and generates a puppet change event, which are btoh undesirable.
The proposed change checks to ensure all quorum members have an auth token in the credentials file, and updates auth for all members if any one member is missing. This results in a convergent state.
There is a caveat, in that what gets stored in the credentials file is not the original password, but an auth token. There does not seem to be a pcs command to check the tokens are still valid. So this code is only checking for presenence of auth tokens, not correctness. If the authentication token is later invalided, puppet will not correct this. It would be necessary to manually run the
pcs host auth
orpcs cluster auth
commands to fix it.This Pull Request (PR) fixes the following issues
Fixes #500